Yesterday I covered some basic security tips for WordPress blogs. Today I am covering some of the very basic things you can do to make your site or blog more secure in cPanel, the panel through which you set up the basic self-hosting service particulars of your site.

Message you do not want to see!

I am not a computer programmer or software specialist, but I tell such folks that I know enough to be dangerous. I do install and maintain much of my own site software. I have been using computers, dare I say it, since the late 1970s. I have learned a few things along the way and offer this information as is in order to familiarize my readers with some of the security problems and solutions that may inform them. But as a caution, if you are not comfortable changing something in your setup, don’t do it. If you do change something, keep a log of exactly what you did. As always, back everything up before you make any changes.

A Host You Can Reach

cPanel often has a video tutorial available. Ask your hosting service if such a video is available if you do not know where to access it. Cannot easily get in touch with someone from your hosting company? Get another one. Make sure you have in-person support, live chat, and a support phone number. Having the ability to submit a support ticket is not good enough.

What the Crooks Want

cPanel is essentially a dashboard through which you adjust and install software components of your website. It is the gateway to the physical server space you rent from a hosting service. Most hackers are trying to get to your server space where they can install their software to do all sorts of nefarious things.

How They Do It

Those pesky spam comments may be much more than a way to get stupid links on your site. The message could contain code you cannot see that, if you have not secured the files they want to get to, will inject code into your databases. Don’t have databases? Yes you do. They are created to manage user names, comments, likes, and a host of other information that it takes to have a pretty, shiny website or blog. So you want to secure as many files as possible.

Know Your cPanel

Per the image of the cPanel shown below, there are several parts of the panel that concern different functions of your site. When you log in and go to your cPanel, just click the arrow at the right on your panel to open or minimize the various sections.

Preferences: This is where you access tutorials, like the ones I mentioned above, and your basic access info.

Mail: If you have an email address associated with your website, you may want to enable “Spam Assassin” and configure the options to fit your needs.

Files: There are several things under this section of which you probably want to take advantage. Backups of your entire site are the best kind of security. You can create backups here. You can also ban people from loading files and retrieving their files from your server through anonymous FTP. FTP is File Transfer Protocol. Just disable it. If any hacker finds this FTP door open, they will let themselves in and turn your site into their plaything. Disable Anonymous FTP.

Logs: There is nothing here that you can enable. However, the data that is available here, such as the IP addresses of all the computers that have visited your site (people, bots, and hackers), will be in these log files. If you scan the data, you know who is getting into, or trying to get into, your site. I recommend looking at these raw stats. Just don’t confuse these stats with Google Analytics or the like.

Security: While all of the options available in this section are worthwhile, I don’t recommend that basic users do much more than enable HotLink Protection to preserve their bandwidth. If you don’t do this, people can link to your images and elements of your website and display your content on their sites while you are actually paying for the bandwidth they use to access and display it.

Domains: Don’t mess with this unless you know what you are doing. It really does not have much to do with basic security.

Databases: Again, don’t mess with these unless you know what you are doing. MySQL database injection malware resides in these databases, but unless you know what you are doing, just don’t mess with these.

Software/Services: Unless you know enough to install your own software, once again I don’t recommend doing much here. This is where most basic bloggy types access Fantastico and install WordPress.

Advanced: Unless you are advanced at cPanel configuration, I do not recommend accessing these functions.

Hope this helps someone. And really, if you don’t do anything else, disable anonymous FTP under the Files section. If someone else takes care of this part of the process of having a blog for you, talk to them about these things.

Gotta love the attention getting factor that any exclamation of “Zombies!” carries. The CDC even understands this one. They used an outbreak of flesh eating zombies to reach a difficult to engage demographic group with information about emergency preparedness. I can’t believe I didn’t know about this until I Googled “Fox News Zombies.”

And look at how successful Fox News has been shouting “Zombie!” every time they want to distract from their own brain eating activity; actually they use a bait and switch tactic and substitute “Liberal” for the word zombie… but hey, really this is Fox we are talking about and strictly truthful reporting on them would be out of character with the spirit and tone of how they stick to “truthful” reporting and their eating of mainstream American brains.

And how could I possibly have a contemporary discussion of zombies and brain-eating without mentioning spammers and their other nefarious Romanian kin. You know the word discussion is problematic, because if you are not out there reading this, we are not having a literary discussion and I am spending an awful lot of time impressing myself with my own cleverness…. but I digress. If you do not know about Romanian IPs then you are a sweet innocent person in the blog world and I’m not sure I want to poison your rosy colored view of the world. Read on at your own peril.

To take care of such techno zombies who will eat your bandwidth at best and steal your server in the worst of living nightmares, you ban their IPs. To accomplish this on a self-hosted WordPress blog:

Now this sounds easy, and it actually is if you know how to obtain the IPs of your blog or site visitors. One of the easiest ways to find the IP addresses of your visitors is to add a stats/maps plugin.

Start at your WP dashboard > “Plugins” > “Add New” > search box. Just enter what you are looking for, such as “Visitor Maps and Who’s Online”, and install and activate it if you want to do so. This plugin gives you the IP address of your visitors. You then know which visitors have which IP addies and you can ban them via comment moderation as mentioned above.

I’ve always found out what IP addresses were accessing my sites through cPanel, but if cPanel is a vague concept, or perhaps a group of physicians or politicians deciding for women about how women should give birth, then you may need this brief tech digression.

The easiest way, for me, to figure out which IPs are accessing my site is to get stats from the server that hosts my blog. I do this through cPanel. I also like to ban them from this level because if they actually are getting far enough into my blog to comment, they are still eating my bandwidth even if I do ban them from commenting. But I do not recommend this for the novice or the faint of heart. You will end up in a world of hurt if you do not know what you are doing.
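As an added example (not from the original post), here is a small Python script for the log scan described under "Logs" and in the paragraph above: it counts requests per IP in a raw access log and lists addresses that repeatedly POST to WordPress's comment and login endpoints. It assumes the log uses Apache's combined format; the sample lines, the watched-path list and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format, assumed here to be the layout of the raw access log.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
# WordPress endpoints that comment spam and login guessing are POSTed to.
WATCHED = ("/wp-comments-post.php", "/wp-login.php", "/xmlrpc.php")

# Constructed sample lines (documentation-only IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "-"
203.0.113.7 - - [01/Jan/2024:10:00:06 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "-"
203.0.113.7 - - [01/Jan/2024:10:00:07 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "-"
192.0.2.10 - - [01/Jan/2024:10:02:00 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 200 2900 "-" "-"
198.51.100.23 - - [01/Jan/2024:10:03:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2900 "-" "-"
198.51.100.23 - - [01/Jan/2024:10:03:02 +0000] "POST /wp-login.php HTTP/1.1" 200 2900 "-" "-"
198.51.100.23 - - [01/Jan/2024:10:03:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
this line is truncated and must be skipped
"""

def summarize(log_text):
    """Map each client IP to its total requests and POSTs to watched endpoints."""
    total, watched = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guess at them
        total[m["ip"]] += 1
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] == "POST" and path.endswith(WATCHED):
            watched[m["ip"]] += 1
    return {ip: {"total": n, "watched_posts": watched[ip]} for ip, n in total.items()}

def review_candidates(log_text, min_posts=3):
    """IPs with at least min_posts watched POSTs, busiest first, for manual review."""
    hits = [(ip, s["watched_posts"]) for ip, s in summarize(log_text).items()
            if s["watched_posts"] >= min_posts]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

if __name__ == "__main__":
    for ip, posts in review_candidates(SAMPLE_LOG):
        print(f"{ip}\t{posts} POSTs to comment/login endpoints")
```

A shared office or mobile-carrier address can land on this list too, so treat the output as addresses to look at, not addresses to ban automatically.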

So I am just going to list a few of the key ingredients you will have to have on hand if you are going to whip up a dish without spam.

WordPress: I primarily talk about WordPress issues and how-tos when I talk tech, but many of the same practices I mention are equally applicable to other blogging platforms; only the details for how to implement those practices vary. If you use another self-hosted platform via a cPanel installation, you can probably get to the IPs in the same way.

Plugins: Do not, I repeat, do not add unverified plugins to your website. Check the details. How long has this person been around making plugins? What version of the plugin is it? Is it 0.1.2 or 1.5.9? Bigger is usually better. How many users have reviewed the software? If it is only three reviewers they are probably the maker’s mom and two friends. What do they say about it? Is the review detailed and does it refer to improvements over time in later versions? I am currently using the Bullet Proof Security Plugin. It is your choice to download and activate a plugin, I’m not recommending use of one, one way or another, and I soon may actually purchase site monitoring services from an interwebs security firm. But if you want to give it a go: Start at your WP Desktop and go to Plugins > Add New, and in the search box just enter what you are looking for, such as “Bullet Proof Security.”

And now to return to today’s theme of zombies. Zombies are such great allegorical vessels! This is the main reason I so adore the unfortunate undead. Only Godzilla rivals Zombies in mass cultural acceptance and symbolic adoption and adaptation of a cinematic character. (Say that 10 times, fast.)

Anyway, this “Z” post is the last entry for April’s A to Z Blog Challenge that I found out about through GBE 2. It has been a fun month, but May will be even better although I will not be posting every single day of the month. Can you hear my big sigh of relief?


About Me

I have written and published many blogs over the last 15 years on the topics of Later Born Baby Boomers, Peace & Justice Activism, Virtual Worlds, Gene Stratton-Porter, and Medical Child Abuse. I love research, information and the quest for knowledge. I'm an anthropologist by training, and a freelance content creator by vocation. I love things that make sense, could be, and might be so I enjoy good speculative fiction along the lines of Cory Doctorow and TV shows like Dr. Who and Orphan Black.